Improve purl2sym API results

[pombredanne]

Based on actual usage there are issues that need to be resolved:

• it is not clear which symbols or strings pipeline was used to collect symbols.
• multiple queries with different addon_pipelines may overwrite each other
• we should indicate in the returned JSON data structures the tool/pipeline used (ctags/tree sitter)

[armijnhemel]

It might also be useful to keep track of not just the tool that was used, but also the environment in which the data was scanned. This might be useful to know, both on the indexing side, as well as on the reporting side. On the indexing side it would allow me to quickly invalidate results that were created by buggy tools. Say I have an additional pipeline that runs "foo 1.0" but it has a serious bug and the database is a mix of packages scanned with (buggy) "foo 1.0" and (correct) "foo 1.1", then I would like to be able to identify/invalidate/delete the buggy results, especially if there is A LOT of data in there. On the reporting side it would allow me to ignore those results.

Taking this further, storing the origin of the scan might also be useful. Say that I would want to add data to PurlDB that was scanned by another organisation, but these turn out to be wrong/bad quality, then I would like to be able to say "delete all results that came from origin X".

[pombredanne]

See also:

• https://github.com/nexB/scancode.io/issues/670